Andy Lutomirski
9079ec459c
webconfig: fixes for token security
...
* Use 16-byte tokens
* Use os.urandom (random.getrandbits shouldn't be used for security)
* Convert to hex correctly
2014-08-22 15:44:43 +08:00
Andy Lutomirski
aaddccfdb1
webconfig: Use a constant-time token comparison
...
This prevents a linear-time attack to recover the auth token.
2014-08-22 15:39:13 +08:00
David Adam
4ae2753025
Authenticate connections to web_config service
...
- Require all requests to use a session path.
- Use a redirect file to avoid exposing the '/start' URL on the
command line, as it contains the cookie value.
Fix for CVE-2014-2914.
Closes #1438 .
2014-08-04 13:34:26 +08:00
ridiculousfish
b6658c5497
Render sample prompts faster in fish_config by using a thread pool
2014-07-29 12:12:32 -07:00
David Xia
adabc2d7a0
Fix fish_config error with python3
...
Closes #1253 .
2014-07-28 22:02:55 +08:00
Siteshwar Vashisht
317660c2fe
Avoid using OptionParser to parse bindings in webconfig.py
...
OptionParser eats commaandline arguments passed to bind actions, so avoid using it.
2014-07-25 08:39:31 +05:30
ridiculousfish
f6a89d13c2
Merge branch 'master' of github.com:fish-shell/fish-shell
2014-07-23 22:27:37 -07:00
Siteshwar Vashisht
3e01dd955f
Updated code to parse bindings in webconfig.py
2014-07-23 01:53:15 +05:30
adisbladis
27fa0ea9d7
"webconfig.py: Don't allow NoneType as buffer, fallback to bytes.
...
Fixes TypeErrors when using bindings tab"
2014-07-22 12:31:57 +02:00
Siteshwar Vashisht
7b3132d39d
Fixed code to parse bindings for webconfig
2014-06-08 16:05:00 +05:30
Anders Bergh
44b35f7735
fish_config: Listen on both IPv6 and IPv4.
...
A subclass of TCPServer was created to deny any non-local connections and to
listen using an IPv6 socket.
2014-03-31 10:06:46 -07:00
Konrad Borowski
6d749789ce
Use 127.0.0.1 for fish config.
...
Before this change, fish config used 0 as its address. However, this
isn't a good idea from security point of view, as web service can be
accessed from everywhere, and do anything on the account it was ran on.
This also deals with firewalls which block the access to 0 even from
the host machine itself. It possibly might fix #673 , but I'm not sure.
2014-02-27 14:47:08 +01:00
ridiculousfish
77dbaf3aef
Fix for Python out-of-range exception when accessing Bindings tab
2014-02-09 20:19:04 -08:00
Siteshwar Vashisht
a1b43b7a09
Fix for opening bindings tab as initial tab
...
'fish_config bindings' command should open bindings tab as initially active tab
2014-01-30 23:53:49 +05:30
Siteshwar Vashisht
646180518a
Minor fixes in the colors tab
...
* Show color scheme title in preview box
* Show information about setting terminal background color on Apply
button mouse hover
* Added text_color_for_color method in colors controller scope
2013-12-07 13:12:43 +05:30
Siteshwar Vashisht
659541f4a5
Merge branch 'master' into fish_config_angular
2013-12-07 09:50:59 +05:30
d10n
168d25e780
Do not open CLI browsers when using fish_config.
...
From the Python webbrowser documentation:
"If text-mode browsers are used, the calling process will block until the user exits the browser."
Running fish_config on an ssh server with no GUI browser will open a CLI browser which blocks and stops the server from handling requests.
Using multiprocess to run the server in the background lets CLI browsers access the page, but the page is unusable.
For now, disable CLI browsers and recommend opening the page in a graphical browser.
In the future, maybe write a CLI utility to change prompts and delete history items.
2013-11-26 00:41:09 -08:00
Siteshwar Vashisht
63233655f4
Updated fish_config prompt tab
2013-11-09 18:26:44 +05:30
Siteshwar Vashisht
9e424ed921
Show actual binding if user clicks a binding item
2013-10-27 18:51:50 +05:30
Siteshwar Vashisht
be55d2c57f
Updated handling escape character in binding parser
2013-10-25 00:05:26 +05:30
Siteshwar Vashisht
aed26f8c1e
Added code for parsing end key
2013-10-22 23:08:30 +05:30
Siteshwar Vashisht
6482fd52fb
Moved some color related methods from index.html to colorutils.js
2013-10-22 23:00:38 +05:30
Siteshwar Vashisht
80a48be324
Changed scheme for loading key bindings
2013-10-20 15:03:47 +05:30
Siteshwar Vashisht
0ad6e6f459
Updated binding tab to show descriptive key names
2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
885c23b453
Show readable description of bindings
2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
04f518082c
Initial implementation of bindings tab
2013-10-17 19:47:04 +05:30
Siteshwar Vashisht
c018bfdb4d
Initial work to add support for angularjs
2013-10-17 19:47:03 +05:30
Konrad Borowski
a1020b3e61
Remove useless semicolon in webconfig.py
2013-09-08 20:19:43 +02:00
Siteshwar Vashisht
379cf3d249
Converted tabs to spaces in webconfig script
2013-07-06 21:09:20 +05:30
ridiculousfish
2517832718
Teach fish_config how to find fish from __fish_bin_dir
...
Fixes https://github.com/fish-shell/fish-shell/issues/621
2013-04-15 14:15:47 -07:00
Anders Bergh
56dd25667d
Make fish_config compatible with Python 2.5
...
Try to import parse_qs from the cgi module, and simplejson instead of json.
Use old string formatting. str.format() was backported from Python 3
to 2.6 and isn't available in 2.5.
2012-12-12 12:51:55 +01:00
ridiculousfish
211b9ea8b9
Added terlar's prompt, and robbyrussell which was inadvertently omitted
...
https://github.com/fish-shell/fish-shell/issues/329
2012-10-15 18:45:46 -07:00
Peter Ammon
86a978d9ee
Fixed web_config prompt to work with Python 2.6.1
2012-09-10 02:11:06 -07:00
ridiculousfish
f6fe3df59b
Fix to make prompt chooser work in Python3
2012-09-06 19:01:07 -07:00
ridiculousfish
e0764bb25e
Improve python3 compatibility in webconfig.py
2012-09-06 02:03:21 -07:00
ridiculousfish
3589554028
Allow setting the prompt from web_config
2012-09-06 01:30:26 -07:00
ridiculousfish
3606664cf7
Merge branch 'webserver' of git://github.com/simukis/fish-shell into simukis-webserver
...
Conflicts:
share/tools/web_config/webconfig.py
2012-08-20 12:03:39 -07:00
ridiculousfish
81f45208b0
Make history deletion from web config work properly with Unicode under both Python2 and Python3
...
Make the filter search field hide properly in tabs where it's non-functional
Fixes https://github.com/fish-shell/fish-shell/issues/265
2012-08-20 11:58:54 -07:00
Simonas Kazlauskas
ef566836c4
Wipe unnecessary as
statement
2012-08-19 23:26:15 +03:00
Simonas Kazlauskas
10dfca1a75
Decode data in python3 – Fixes #265 .
...
In both in python2 and python3 parse_qs expects str object. In
python2 it worked ok, because self.rfile was open in binary mode and
str in python2 is actually a string of bytes. However in python3 str is
actually string of unicode literals, not bytes and file was still open
in binary mode. Thus, deleting any file with non-ascii byte inside
filename failed in python3.
Also, cgi.parse_qs is deprecated and shouldn't be used.
2012-08-19 23:19:07 +03:00
Simonas Kazlauskas
b3e3f041fe
Remove trailing spaces and replace tabs with spaces
2012-08-19 22:55:50 +03:00
ridiculousfish
f41a699f5d
Fix to make the choose-a-port loop work correctly for webconfig.py under Python3
2012-08-17 01:14:05 -07:00
ridiculousfish
f6b76e6ecb
Fix to allow specifying an initial tab in fish_config
...
For example, you can run "fish_config history"
2012-07-27 13:40:43 -07:00
ridiculousfish
e7cbcc83a4
Implemented history deletion from fish_config
...
Fixes https://github.com/fish-shell/fish-shell/issues/250
2012-07-27 00:31:00 -07:00
Adam
a49d245b92
Python3 fixes for webconfig.py
2012-06-05 20:40:51 -07:00
ridiculousfish
53cba2a2e6
Improved webconfig.py's handling of combined term256 and classic colors
2012-06-05 01:19:59 -07:00
ridiculousfish
4bd63020ca
Fix to add a little explanatory text to colors in the web config interface
2012-05-08 17:10:38 -07:00
ridiculousfish
37defa739b
Fix for an extra line at the end of the variable listing
...
Once again, fix the issue where some color cells aren't clickable
2012-04-01 01:31:38 -07:00
ridiculousfish
ff17101316
A little better support for non-term-256 colors in web config
...
Fix for a deadlock when autoloading a function triggers autoloading another function
2012-03-31 15:17:14 -07:00
ridiculousfish
a11687fc5c
Make the functions builtin have a bit nicer output
...
Stop autosuggesting things with newlines
Make webconfig a little nicer
2012-03-25 22:41:22 -07:00